<?php

//1.验证当前用户的权限是否满足

include_once("../common.php");
//1.验证cookie
include "opDB.php";
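// Resolve the caller from the `pgv_pvi` cookie and load the matching `user` row.
// $findflag records whether a row was found; $userid_post and $level are taken from that row.
// NOTE(review): the request is authorised by the cookie alone; no anti-CSRF token is
// checked anywhere in this file, so a cross-site POST from a logged-in level 1 browser
// would pass this gate — confirm whether the calling form carries a token.
$findflag = false;
$userid_post = NULL;
$level = NULL;
// A cookie sent as `pgv_pvi[]=...` arrives as an array; only a plain string is a candidate id.
if (isset($_COOKIE['pgv_pvi']) && is_string($_COOKIE['pgv_pvi'])) {
	$ckuser = $_COOKIE['pgv_pvi'];

	$realUserId = getRealUserId($ckuser);

	if ($realUserId != false) {
		// The value is derived from client-supplied cookie data, so escape it before it is
		// placed inside the quoted SQL literal.
		$user_sql = 'SELECT * FROM `user` WHERE `realUserId` = \''
			. mysql_real_escape_string($realUserId) . '\' LIMIT 0, 1 ';
		$result = mysql_query($user_sql);
		if ($result != false) {
			$row = mysql_fetch_array($result);
			// mysql_fetch_array() returns false when no row matched; only a real row
			// identifies a known user.
			if ($row !== false) {
				$userid_post = $row['userId']; // ID used when posting threads and replies
				$level = $row['level'];
				$findflag = true;
			}
		}
	}
}

// Only accounts whose level is 1 may continue to the delete handling below.
if (!$findflag || $level != 1) {
	echo "<h1>没有授权</h1>"; // TODO: dedicated page for the missing-cookie case
	mysql_close($con);
	return;
}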

//TODO:考虑设置一下删除密码
//2.验证删除密码
/*
$pwd = isset($_POST['pwd'])?$_POST['pwd']:NULL;
if(NULL == $pwd || strcmp($pwd,"mohamoha")!=0){
	echo "<h1>没有授权</h1>";//TODO:没cookie页面	
	mysql_close($con);
	return;
}
*/

//3.检测哪些要删除,区别是否只删图,目前一个一个删除
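// True only when the form sent onlyimgdel=on (image-only deletion); false otherwise.
// Strict string comparison is used because strcmp() given a non-string value (for example an
// array posted as `onlyimgdel[]=x`) does not return an integer, and the previous loose
// `== 0` test then treated that request as "on".
$onlyimgdel = isset($_POST['onlyimgdel']) && $_POST['onlyimgdel'] === 'on';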

//$upDir = "../uploadPic/";

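// Each POST field whose name is an integer id and whose value is "deleteT" (thread) or
// "deleteR" (reply) selects one row. Depending on $onlyimgdel the row is deleted, or only
// its picture is detached from the tables and removed from disk.
foreach ($_POST as $pkey => $pval) {
	// Field names that are not integers (onlyimgdel, ref, ...) are not deletion requests.
	if (!filter_var($pkey, FILTER_VALIDATE_INT)) {
		continue;
	}
	// Validated as an integer above, so it can be placed unquoted in the statements below.
	$id = (int) $pkey;

	// Strict comparison: strcmp() on a non-string value (e.g. an array posted as `12[]=x`)
	// does not return an integer, and the previous loose `== 0` test accepted it as a match.
	if ($pval === 'deleteT') {
		$table = 'thread';
		$idColumn = 'tId';
	} else if ($pval === 'deleteR') {
		$table = 'reply';
		$idColumn = 'rId';
	} else {
		continue;
	}

	if (!$onlyimgdel) {
		if ($table === 'thread') {
			// Remove the thread and every reply that belongs to it.
			$delthread_sql = 'delete from thread where tId=' . $id . ' limit 1';
			$delreply_sql = 'delete from reply where tId=' . $id . ' ';
			mysql_query($delthread_sql) or die("fail to delete");
			mysql_query($delreply_sql) or die("fail to delete");
		} else {
			$del_sql = 'delete from reply where rId=' . $id . ' limit 1';
			mysql_query($del_sql) or die("fail to delete");
		}
		continue;
	}

	// Image-only mode: look up the picture path stored on the selected row.
	$picAddr_sql = 'select `picAddr` from ' . $table . ' where ' . $idColumn . '=' . $id . ' limit 1';
	$picAddrRes = mysql_query($picAddr_sql) or die('fail to find the picAddr');
	$picAddrRow = mysql_fetch_array($picAddrRes);
	// mysql_fetch_array() returns false when the id matched no row.
	$picAddr = ($picAddrRow !== false) ? $picAddrRow['picAddr'] : NULL;

	if ($picAddr === NULL || $picAddr === '') {
		// Nothing stored for this row: skip the updates so they cannot match on an empty path.
		echo "pic not exists";
		continue;
	}

	// The stored path is data, not trusted SQL: escape it before it goes back into a quoted
	// literal, otherwise a quote character in a stored path would break out of the string.
	$picAddrSql = mysql_real_escape_string($picAddr);
	$del_pic_sql = 'update reply set picAddr = NULL where picAddr="' . $picAddrSql . '"';
	mysql_query($del_pic_sql) or die('fail to update picAddr');
	$del_pic_sql = 'update thread set picAddr = NULL where picAddr="' . $picAddrSql . '"';
	mysql_query($del_pic_sql) or die('fail to update picAddr');

	// Remove the picture file itself.
	// NOTE(review): the path is used exactly as stored in the database. If that column can
	// ever hold a value outside the upload directory, this deletes whatever file it names;
	// confirm how picAddr is written and consider resolving it with realpath() and checking
	// it against the upload directory before unlinking.
	if (file_exists($picAddr)) {
		unlink($picAddr);
		echo "delete the pic";
	} else {
		echo "pic not exists";
	}
}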
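echo "<h1>(～￣▽￣)～<(￣ˇ￣)/～(￣▽￣～)(～￣▽￣)～ 删除成功</h1><br/>";


// Send the browser back to the page it came from.
//$board_id = get_POSTInt('board_id',0);
//$pageNo = get_POSTInt('pageNo',0);
$defaultRefUrl = 'news.php?board_id='.(0).'&pageNo='.(0);
$refUrl = (isset($_POST['ref']) && is_string($_POST['ref'])) ? $_POST['ref'] : false;

if (!$refUrl) {
	$refUrl = $defaultRefUrl;
} else {
	// `ref` is request data that ends up in a redirect target and a link, so only a
	// site-relative URL is accepted: it must start with a path/query character, contain no
	// whitespace, control characters or backslashes, and carry no scheme or host (this
	// rejects javascript:/data: URLs and //other-host forms). Anything else falls back to
	// the default page.
	// NOTE(review): an absolute same-site URL in `ref` now also falls back to the default;
	// confirm what the calling form posts.
	$refParts = parse_url($refUrl);
	$looksRelative = preg_match('/^[A-Za-z0-9_.\/?][^\s\\\\\x00-\x1f]*$/D', $refUrl) === 1;
	if (!$looksRelative || $refParts === false || isset($refParts['scheme']) || isset($refParts['host'])) {
		$refUrl = $defaultRefUrl;
	}
}

// Escape for the HTML attribute context so quotes or angle brackets in the value cannot
// close the attribute and inject markup.
$refUrlHtml = htmlspecialchars($refUrl, ENT_QUOTES, 'UTF-8');

//echo '$pageNo:'.$pageNo;
// NOTE(review): the message below promises a return after 2 seconds while the refresh
// delay is 10 — confirm which one is intended.
echo '您将在2秒后返回......<br />';
// TODO: the referring page could also be derived from the request's Referer header
echo '<meta http-equiv="Refresh" content="10;url='.$refUrlHtml.'">';
echo '如果未返回,请点这里';
echo '<a href="'.$refUrlHtml.'">返回</a>';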

?>